Why So Many Hackers Are Going After the Health Care Industry

Initial suspicions from the massive hack at Anthem are just starting to roll in, and they are suspicious. Long story short, a few unnamed people immediately jumped to the conclusion that it was China. That said, Anthem is hardly the only health care company that's been hacked lately.

It's a bit of an pandemic, actually (pardon the pun). Last year, we saw a series of attacks on hospitals and health care companies. It's way too soon—and a little bit presumptuous—to say that the Anthem attack was state-sponsored hackers from China. However, past attacks show that Chinese hackers have been targeting the health care industry, in part, because it's so easy to hack. Bad security means that hackers can gain access to personal data and possibly trade secrets that could be used or sold on the black market.


Bloomberg's sources think that the Anthem breach was part of the same strategy. There's an espionage angle, too:

In the past year, Chinese-sponsored hackers have taken prescription drug and health records and other information that could be used to create profiles of possible spy targets, according to Adam Meyers, vice president of intelligence at Crowdstrike, an Irvine, Califorinia-based cybersecurity firm…

"This goes well beyond trying to access health-care records," Meyers said. "If you have a rich database of proclivities, health concerns and other personal information, it looks, from a Chinese intelligence perspective, as a way to augment human collection."


Well, that makes an otherwise complex information security issue sound like a Bond movie, doesn't it? This isn't a movie, though. Anthem is the second-largest health insurer in the United States and some 80 million people could be affected by this. But maybe this is just the outbreak the health care industry needs in order to invest in better security. [Bloomberg]

Image via Getty

Hospital Hacks Are Skyrocketing Because Hospitals Are Super Easy to Hack

According to a fresh report from cybersecurity experts, hospitals are hackers' new favorite playground. That's unsettling news for anyone who's ever visited a hospital (read: everyone) but it also offers a curious window into how we guard our most important data. Put bluntly, we do a pretty piss poor job of it.

The security research firm Websense says that cyberattacks on hospitals have increased 600 percent in the last 10 months. Undoubtedly, much of that increase can be accounted for by the previously reported attack on Community Health Systems, which affected some 4.5 million patients in 206 hospitals across 29 states. Websense and other security research firms say that the now infamous Heartbleed vulnerability is to blame for many of the breaches, though patches have since been put into place. Those firms also say that hundreds of thousands of patients remain vulnerable.


Why is this happening? Well there are a couple of reasons, both of them scary. The latest research suggests that hackers are turning to hospitals because they're just so dang easy to hack. The healthcare industry spends very little on cybersecurity, says John Halamka, chief information officer and dean of technology for Harvard Medical School. He (rhetorically) asked the MIT Technology Review, "Where do you think you're going to find the vulnerabilities?"

The other big reason hackers like hospitals is because the data is so valuable. The bounty of personal information contained in medical records goes for a pretty penny on the black market, and can also be used to socially engineer other attacks onto those patients.

Then there's the proprietary information about the hospitals themselves that the attackers can glean. Re/Code reported on the earlier attack, supposedly mounted by the Chinese Army:

On average, the hackers would spend nearly a year perusing a targeted company's systems looking for sensitive information to steal: Product development plans, manufacturing techniques, business plans and the email messages of senior executives. The point is to help Chinese companies be more competitive.


So some hackers are after your Social Security number and physical traits, while other hackers are spying on how we run our healthcare industry. Super duper.

What can we do about it? Choose your healthcare provider very carefully. Find out how electronic medical records are being secured, and if you're feeling really frisky, you can pressure your member of Congress to introduce legislation that would regulate cybersecurity in the healthcare industry more closely. Maybe just cross your fingers, too. Just for good luck. [Tech Review]

Image via Shutterstock